Privacy Policy
Log på

Indkøbskurv

Din indkøbskurv er tom

Privacy Policy

The Alchemist Sanctuary
Copenhagen, Denmark
Effective Date: 10 July, 2025

1. Introduction

At The Alchemist Sanctuary, your privacy is important to us. This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you visit or make a purchase from our website, https://thealchemistsanctuary.com.

We are committed to handling your data with transparency, care, and in full compliance with applicable laws, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), where applicable.

By using our website, you agree to the terms of this Privacy Policy.

2. Who We Are

The Alchemist Sanctuary is a sole proprietorship (Enkeltmandsvirksomhed) based in Copenhagen, Denmark. We operate an independent Shopify-based art print store focused on selling restored public domain artworks, printed on demand.

Business Details:

  • Legal Business Name: The Alchemist Sanctuary
  • Business Type: Sole Proprietorship (Enkeltmandsvirksomhed)
  • CVR Number: 40801448 (reactivated and valid as of July 2025)
  • Jurisdiction: Denmark (EU VAT zone)
  • Registered Address: Ravnsborggade 17, 2th, 2200 Copenhagen N, Denmark

(Note: The registered address is used in legal documentation only and will not be publicly displayed for privacy reasons.)

Contact:

3. Information We Collect

We collect and process the following categories of personal data when you interact with our website or services:

a. Information You Provide Directly

  • Name, email address, billing and shipping address
  • Payment information (processed securely by Shopify; we do not store payment details)
  • Order details and communication history (e.g., support requests, email subscriptions, wishlist entries)

b. Information Collected Automatically

When you visit our website, certain technical data is automatically collected by our ecommerce platform (Shopify), including:

  • IP address, browser type, device type, operating system
  • Referring URLs, pages viewed, session duration
  • Non-identifiable analytics used for store improvement (Shopify analytics only)

We do not use Google Analytics or Hotjar. All analytics are handled within Shopify’s platform. We also do not use third-party embedded tools like YouTube trackers or auto-play widgets that collect visitor data.

c. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience. These include:

  • Essential cookies for cart functionality, checkout, and language preferences
  • Analytics cookies provided by Shopify
  • Marketing and retargeting cookies (e.g., from Meta/Facebook Pixels, Klaviyo) where applicable, in compliance with cookie consent laws.

d. Consent Management:
We use Shopify’s built-in cookie banner, which is active and visible across required EU regions. Users can manage cookie preferences through the banner or their browser settings.

For full details, please refer to our Cookie Policy. 

4. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

  • Contractual necessity (Art. 6(1)(b)) – for order processing and customer support
  • Consent (Art. 6(1)(a)) – for email marketing and optional services
  • Legal obligation (Art. 6(1)(c)) – for tax and accounting records
  • Legitimate interest (Art. 6(1)(f)) – for analytics, fraud prevention, and site improvement

5. How We Use Your Information

We use your data to:

  • Process and fulfill orders (via Shopify and Gelato)
  • Provide customer support through email and contact forms
  • Send transactional emails, order confirmations and shipping updates
  • Send marketing emails or updates via Klaviyo, with prior consent
  • Analyze website performance and user behavior
  • Comply with legal obligations

6. Sharing Your Information

We do not sell or rent your personal data. We only share your information with trusted service providers and partners as necessary to operate our business and deliver services to you. These include:

  • Shopify, Inc. – ecommerce platform, hosting, secure checkout, analytics, and payment processing
  • Gelato – global print-on-demand production and order fulfillment
  • Klaviyo and MailerLite – email marketing, including abandoned cart reminders and welcome flows (GDPR-compliant)
  • Shopify Inbox – customer support communication (in place of live chat tools)
  • Meta (Facebook/Instagram) and Pinterest – advertising, social media integration, and retargeting (where applicable)
  • Shipping carriers – delivery logistics and shipment tracking
  • Accounting service providers – for financial reporting and compliance with Danish tax laws

All customer data is securely stored and managed within Shopify’s infrastructure and is not exported to third-party storage platforms.

When your data is transferred or processed outside the European Union, we rely on Standard Contractual Clauses (SCCs) and other lawful mechanisms to ensure an adequate level of protection in compliance with the GDPR.

We may also use anonymized audience data for remarketing campaigns through Meta and Pinterest. These campaigns are configured without exposing identifiable customer details.

7. Data Retention

We retain your information only for as long as needed:

  • To fulfill the purpose for which it was collected
  • To comply with legal and accounting requirements
  • Or until you request deletion (where applicable)

Order-related data is retained for at least 5 years for accounting and tax compliance under Danish law.

8. Your Rights (EU & California)

As a data subject, you have rights under the General Data Protection Regulation (GDPR) and, if you are a California resident, under the California Consumer Privacy Act (CCPA):

a. Your rights under GDPR include the right to:

  • Access the personal data we hold about you
  • Correct or delete inaccurate or outdated information
  • Withdraw your consent at any time (where processing is based on consent)
  • Object to or restrict processing of your data
  • Request data portability in a structured, commonly used format
  • Lodge a complaint with a supervisory authority (e.g., Datatilsynet in Denmark)

b. Your rights under CCPA (for California residents):

  • Know what personal data is being collected and how it’s used
  • Request deletion of your personal data
  • Opt-out of the sale of your personal data (we do not sell data)
  • Not be discriminated against for exercising your CCPA rights

If you are a California resident and wish to make a privacy-related request, please email us at the same contact address above.

c. To exercise your rights, contact us at:
Email: support@thealchemistsanctuary.com

We may request identity verification before fulfilling certain requests. We aim to respond within 30 days.

9. Children’s Privacy

Our website and services are not intended for, and we do not knowingly collect personal data from individuals under the age of 13 (U.S.) or 16 (EU and Denmark), or the minimum age required in your jurisdiction.

If you are a parent or legal guardian and believe that a child under your care has provided us with personal information, please contact us at support@thealchemistsanctuary.com. We will promptly delete any such data from our systems.

10. Data Security

We take the protection of your data seriously and implement industry-standard security measures, including:

  • SSL encryption for secure data transmission
  • AES-256 encryption for stored data where applicable
  • PCI-DSS-compliant payment processing, managed through Shopify’s secure checkout system

Your data is hosted on Shopify’s secure servers and subject to their enterprise-grade protection standards. For more information, please refer to Shopify’s Security Page.

While we strive to protect your information, no method of transmission over the Internet or electronic storage is completely secure. If you believe your interaction with us is no longer secure, please contact us immediately at support@thealchemistsanctuary.com.

We also encourage users to safeguard their own account credentials and devices.

11. International Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including by our third-party service providers (e.g., Shopify, Gelato, Klaviyo), some of whom are located in jurisdictions such as the United States or Canada.

Where such transfers occur, we ensure that appropriate safeguards are in place, including the use of Standard Contractual Clauses (SCCs) approved by the European Commission, to provide an adequate level of protection in accordance with Article 46 of the GDPR.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal obligations, or business operations.

When we make changes, we will revise the “Effective Date” at the top of this page. If the changes are significant, we will notify you by email (if you have an account or subscription with us) or by placing a prominent notice on our website.

We encourage you to review this page periodically to stay informed about how we protect your information.

13. Contact

If you have any questions, requests, or complaints regarding this Privacy Policy or our data practices, please contact:

Email: support@thealchemistsanctuary.com
Business Location: Copenhagen, Denmark

We respond to all inquiries as promptly as possible, typically within 5–7 business days.

A downloadable PDF version of this Privacy Policy is available on request for transparency and offline access.